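/// <summary>
/// Inspects the first password credential of <paramref name="application"/> and rotates it via
/// <see cref="RotatePasswordCoreAsync"/> when it expires within <c>payload.DaysBeforeExpire</c> days.
/// An application with no password credentials, or whose credential carries no expiry, is logged
/// and left untouched.
/// </summary>
/// <param name="payload">Rotation settings; only <c>DaysBeforeExpire</c> is read here.</param>
/// <param name="executionLogs">Human-readable log of the decisions taken.</param>
/// <param name="context">Key/value summary; receives the "Total Credentails" entry (key spelling kept for compatibility).</param>
/// <param name="azdo">Azure DevOps client, passed through to the rotation step.</param>
/// <param name="endpoint">Service endpoint whose secret is replaced on rotation.</param>
/// <param name="graph">Graph client used by the rotation step to add/remove credentials.</param>
/// <param name="application">Application whose password credentials are inspected.</param>
private static async Task ProcessAppWithPasswordCredentailsAsync(
    CredentialRotatePayload payload,
    StringBuilder executionLogs,
    Dictionary<string, string> context,
    AzDoService azdo,
    Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
    GraphServiceClient graph,
    Application application)
{
    // Materialize once: the collection was previously counted twice and then enumerated a
    // third time for First(); a null collection is treated as "no credentials".
    var passwordCredentials = application.PasswordCredentials?.ToList() ?? new List<PasswordCredential>();
    if (passwordCredentials.Count == 0)
    {
        executionLogs.AppendLine("No password credentials found; nothing to rotate.");
        return;
    }

    executionLogs.AppendLine($"Password Credentails found ({passwordCredentials.Count}).");
    context.Add("Total Credentails", passwordCredentials.Count.ToString());

    var now = DateTimeOffset.UtcNow;

    // NOTE(review): only the first credential is considered; with several credentials on the
    // application, which one gets rotated depends on the order Graph returns them — confirm.
    var oldPassCred = passwordCredentials[0];
    if (!oldPassCred.EndDateTime.HasValue)
    {
        // Without an expiry there is nothing to compare against, so rotation is skipped
        // explicitly rather than silently.
        executionLogs.AppendLine($"Password credential ({oldPassCred.KeyId}) has no expiry; rotation skipped.");
        return;
    }

    // Rotate when the credential expires inside the look-ahead window.
    var threshold = now.AddDays(payload.DaysBeforeExpire);
    var rotationRequired = threshold > oldPassCred.EndDateTime;
    executionLogs.AppendLine($"{threshold} > {oldPassCred.EndDateTime} = {rotationRequired}");
    if (rotationRequired)
    {
        await RotatePasswordCoreAsync(payload, executionLogs, context, azdo, endpoint, graph, application, now, oldPassCred);
    }
}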
/// <summary>
/// Replaces the password credential behind an Azure DevOps service endpoint. A new credential
/// is added to the application in Graph, the endpoint is pointed at its secret and persisted,
/// and only then is the old credential removed, so the endpoint is never left without a
/// valid secret. The new secret text is written to the endpoint only; it is not copied into
/// <paramref name="executionLogs"/> or <paramref name="context"/>.
/// </summary>
/// <param name="payload">Supplies <c>LifeTimeInDays</c> for the new credential and <c>ProjectId</c> for the endpoint update.</param>
/// <param name="executionLogs">Receives a line once the old credential has been deleted.</param>
/// <param name="context">Receives the new secret's id and validity window and the deleted secret's id.</param>
/// <param name="azdo">Azure DevOps client used to persist the endpoint.</param>
/// <param name="endpoint">Service endpoint whose <c>Serviceprincipalkey</c> is overwritten.</param>
/// <param name="graph">Graph client used to add and remove the credentials.</param>
/// <param name="application">Application owning the credentials.</param>
/// <param name="now">Start of the new credential's validity window.</param>
/// <param name="oldPassCred">Credential to retire; its <c>KeyId</c> must have a value.</param>
private static async Task RotatePasswordCoreAsync(
    CredentialRotatePayload payload,
    StringBuilder executionLogs,
    Dictionary<string, string> context,
    AzDoService azdo,
    Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
    GraphServiceClient graph,
    Application application,
    DateTimeOffset now,
    PasswordCredential oldPassCred)
{
    var requested = new PasswordCredential
    {
        DisplayName = $"AutoGen: {now}",
        Hint = $"AutoGen: {now}",
        StartDateTime = now,
        EndDateTime = now.AddDays(payload.LifeTimeInDays)
    };

    // Step 1: add the replacement before touching the endpoint or the old credential.
    var issued = await graph.Applications[application.Id]
        .AddPassword(requested)
        .Request()
        .PostAsync();

    // Step 2: switch the endpoint over to the new secret and persist it in Azure DevOps.
    endpoint.Authorization.Parameters.Serviceprincipalkey = issued.SecretText;
    await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);

    context.Add("Secret Id", issued.KeyId.ToString());
    context.Add("Secret Start Time", issued.StartDateTime.ToString());
    context.Add("Secret End Time", issued.EndDateTime.ToString());

    // Step 3: retire the old credential. NOTE(review): if step 2 throws, the credential
    // added in step 1 remains on the application and is not cleaned up here.
    var retiredKeyId = oldPassCred.KeyId.Value;
    await graph
        .Applications[application.Id]
        .RemovePassword(retiredKeyId)
        .Request()
        .PostAsync();

    executionLogs.AppendLine($"App ({application.DisplayName}) password credentail ({retiredKeyId}) deleted successfully");
    context.Add("Deleted Secret Id", oldPassCred.KeyId.ToString());
}
/// <summary>
/// Issues a fresh self-signed certificate, registers it on the application as a Graph
/// <see cref="KeyCredential"/>, and pushes the PEM produced by
/// <c>CertificateUtils.GeneratePEMWithPrivateKeyAsString</c> into the Azure DevOps service
/// endpoint. The certificate's key id, validity window and thumbprint are recorded in
/// <paramref name="context"/>; the PEM itself is written to the endpoint only.
/// </summary>
/// <param name="payload">Supplies <c>LifeTimeInDays</c> for the certificate and <c>ProjectId</c> for the endpoint update.</param>
/// <param name="executionLogs">Not written to by this method.</param>
/// <param name="context">Receives the "Certificate ..." summary entries.</param>
/// <param name="azdo">Azure DevOps client used to persist the endpoint.</param>
/// <param name="endpoint">Service endpoint whose <c>ServicePrincipalCertificate</c> is overwritten.</param>
/// <param name="graph">Graph client used to patch the application.</param>
/// <param name="application">Application receiving the new key credential.</param>
/// <param name="now">Start of the credential's validity window.</param>
private static async Task RotateCertificateCoreAsync(
    CredentialRotatePayload payload,
    StringBuilder executionLogs,
    Dictionary<string, string> context,
    AzDoService azdo,
    Payloads.AzureDevOps.VstsServiceEndpoint endpoint,
    GraphServiceClient graph,
    Application application,
    DateTimeOffset now)
{
    // The helper carries an Async suffix but its result is used directly without await;
    // presumably it is synchronous — confirm against CertificateUtils.
    var certificate = CertificateUtils.CreateSelfSignedCertificateAsync(validForDays: payload.LifeTimeInDays);

    // NOTE(review): a "Verify" key credential only needs the public certificate; confirm that
    // GetPfxAsBytes exports without the private key, otherwise private key material is sent
    // to the directory.
    var keyCredential = new KeyCredential
    {
        StartDateTime = now,
        EndDateTime = now.AddDays(payload.LifeTimeInDays),
        Type = "AsymmetricX509Cert",
        Usage = "Verify",
        Key = CertificateUtils.GetPfxAsBytes(certificate)
    };

    // The patch body carries only the new credential. NOTE(review): verify how Graph treats
    // keyCredentials on PATCH — if it replaces the whole collection, any other certificate on
    // the application is dropped by this call.
    var patch = new Application
    {
        KeyCredentials = new List<KeyCredential> { keyCredential }
    };
    await graph.Applications[application.Id].Request().UpdateAsync(patch);

    // Point the endpoint at the new certificate (PEM with private key, per the helper's name)
    // and persist it in Azure DevOps.
    endpoint.Authorization.Parameters.ServicePrincipalCertificate =
        CertificateUtils.GeneratePEMWithPrivateKeyAsString(certificate);
    await azdo.UpdateServiceEndpointsAsync(payload.ProjectId, endpoint.Id, endpoint);

    // NOTE(review): KeyId is never assigned on the local object and the PATCH response is not
    // read, so this entry may be empty — confirm whether a server-assigned id is needed here.
    context.Add("Certificate Key Id", keyCredential.KeyId.ToString());
    context.Add("Certificate Start Time", keyCredential.StartDateTime.ToString());
    context.Add("Certificate End Time", keyCredential.EndDateTime.ToString());
    context.Add("Certificate Thumbprint", certificate.Thumbprint);
}